123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532 |
- /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the Apache License 2.0 (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
- #include "internal/namemap.h"
- #include <openssl/lhash.h>
- #include "crypto/lhash.h" /* ossl_lh_strcasehash */
- #include "internal/tsan_assist.h"
- #include "internal/sizes.h"
- #include "crypto/context.h"
- /*-
- * The namenum entry
- * =================
- */
- typedef struct {
- char *name;
- int number;
- } NAMENUM_ENTRY;
- DEFINE_LHASH_OF_EX(NAMENUM_ENTRY);
- /*-
- * The namemap itself
- * ==================
- */
- struct ossl_namemap_st {
- /* Flags */
- unsigned int stored:1; /* If 1, it's stored in a library context */
- CRYPTO_RWLOCK *lock;
- LHASH_OF(NAMENUM_ENTRY) *namenum; /* Name->number mapping */
- TSAN_QUALIFIER int max_number; /* Current max number */
- };
- /* LHASH callbacks */
- static unsigned long namenum_hash(const NAMENUM_ENTRY *n)
- {
- return ossl_lh_strcasehash(n->name);
- }
- static int namenum_cmp(const NAMENUM_ENTRY *a, const NAMENUM_ENTRY *b)
- {
- return OPENSSL_strcasecmp(a->name, b->name);
- }
- static void namenum_free(NAMENUM_ENTRY *n)
- {
- if (n != NULL)
- OPENSSL_free(n->name);
- OPENSSL_free(n);
- }
- /* OSSL_LIB_CTX_METHOD functions for a namemap stored in a library context */
- void *ossl_stored_namemap_new(OSSL_LIB_CTX *libctx)
- {
- OSSL_NAMEMAP *namemap = ossl_namemap_new();
- if (namemap != NULL)
- namemap->stored = 1;
- return namemap;
- }
- void ossl_stored_namemap_free(void *vnamemap)
- {
- OSSL_NAMEMAP *namemap = vnamemap;
- if (namemap != NULL) {
- /* Pretend it isn't stored, or ossl_namemap_free() will do nothing */
- namemap->stored = 0;
- ossl_namemap_free(namemap);
- }
- }
- /*-
- * API functions
- * =============
- */
- int ossl_namemap_empty(OSSL_NAMEMAP *namemap)
- {
- #ifdef TSAN_REQUIRES_LOCKING
- /* No TSAN support */
- int rv;
- if (namemap == NULL)
- return 1;
- if (!CRYPTO_THREAD_read_lock(namemap->lock))
- return -1;
- rv = namemap->max_number == 0;
- CRYPTO_THREAD_unlock(namemap->lock);
- return rv;
- #else
- /* Have TSAN support */
- return namemap == NULL || tsan_load(&namemap->max_number) == 0;
- #endif
- }
- typedef struct doall_names_data_st {
- int number;
- const char **names;
- int found;
- } DOALL_NAMES_DATA;
- static void do_name(const NAMENUM_ENTRY *namenum, DOALL_NAMES_DATA *data)
- {
- if (namenum->number == data->number)
- data->names[data->found++] = namenum->name;
- }
- IMPLEMENT_LHASH_DOALL_ARG_CONST(NAMENUM_ENTRY, DOALL_NAMES_DATA);
- /*
- * Call the callback for all names in the namemap with the given number.
- * A return value 1 means that the callback was called for all names. A
- * return value of 0 means that the callback was not called for any names.
- */
- int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number,
- void (*fn)(const char *name, void *data),
- void *data)
- {
- DOALL_NAMES_DATA cbdata;
- size_t num_names;
- int i;
- cbdata.number = number;
- cbdata.found = 0;
- /*
- * We collect all the names first under a read lock. Subsequently we call
- * the user function, so that we're not holding the read lock when in user
- * code. This could lead to deadlocks.
- */
- if (!CRYPTO_THREAD_read_lock(namemap->lock))
- return 0;
- num_names = lh_NAMENUM_ENTRY_num_items(namemap->namenum);
- if (num_names == 0) {
- CRYPTO_THREAD_unlock(namemap->lock);
- return 0;
- }
- cbdata.names = OPENSSL_malloc(sizeof(*cbdata.names) * num_names);
- if (cbdata.names == NULL) {
- CRYPTO_THREAD_unlock(namemap->lock);
- return 0;
- }
- lh_NAMENUM_ENTRY_doall_DOALL_NAMES_DATA(namemap->namenum, do_name,
- &cbdata);
- CRYPTO_THREAD_unlock(namemap->lock);
- for (i = 0; i < cbdata.found; i++)
- fn(cbdata.names[i], data);
- OPENSSL_free(cbdata.names);
- return 1;
- }
- /* This function is not thread safe, the namemap must be locked */
- static int namemap_name2num(const OSSL_NAMEMAP *namemap,
- const char *name)
- {
- NAMENUM_ENTRY *namenum_entry, namenum_tmpl;
- namenum_tmpl.name = (char *)name;
- namenum_tmpl.number = 0;
- namenum_entry =
- lh_NAMENUM_ENTRY_retrieve(namemap->namenum, &namenum_tmpl);
- return namenum_entry != NULL ? namenum_entry->number : 0;
- }
- int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name)
- {
- int number;
- #ifndef FIPS_MODULE
- if (namemap == NULL)
- namemap = ossl_namemap_stored(NULL);
- #endif
- if (namemap == NULL)
- return 0;
- if (!CRYPTO_THREAD_read_lock(namemap->lock))
- return 0;
- number = namemap_name2num(namemap, name);
- CRYPTO_THREAD_unlock(namemap->lock);
- return number;
- }
- int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
- const char *name, size_t name_len)
- {
- char *tmp;
- int ret;
- if (name == NULL || (tmp = OPENSSL_strndup(name, name_len)) == NULL)
- return 0;
- ret = ossl_namemap_name2num(namemap, tmp);
- OPENSSL_free(tmp);
- return ret;
- }
- struct num2name_data_st {
- size_t idx; /* Countdown */
- const char *name; /* Result */
- };
- static void do_num2name(const char *name, void *vdata)
- {
- struct num2name_data_st *data = vdata;
- if (data->idx > 0)
- data->idx--;
- else if (data->name == NULL)
- data->name = name;
- }
- const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number,
- size_t idx)
- {
- struct num2name_data_st data;
- data.idx = idx;
- data.name = NULL;
- if (!ossl_namemap_doall_names(namemap, number, do_num2name, &data))
- return NULL;
- return data.name;
- }
- /* This function is not thread safe, the namemap must be locked */
- static int namemap_add_name(OSSL_NAMEMAP *namemap, int number,
- const char *name)
- {
- NAMENUM_ENTRY *namenum = NULL;
- int tmp_number;
- /* If it already exists, we don't add it */
- if ((tmp_number = namemap_name2num(namemap, name)) != 0)
- return tmp_number;
- if ((namenum = OPENSSL_zalloc(sizeof(*namenum))) == NULL)
- return 0;
- if ((namenum->name = OPENSSL_strdup(name)) == NULL)
- goto err;
- /* The tsan_counter use here is safe since we're under lock */
- namenum->number =
- number != 0 ? number : 1 + tsan_counter(&namemap->max_number);
- (void)lh_NAMENUM_ENTRY_insert(namemap->namenum, namenum);
- if (lh_NAMENUM_ENTRY_error(namemap->namenum))
- goto err;
- return namenum->number;
- err:
- namenum_free(namenum);
- return 0;
- }
- int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number,
- const char *name)
- {
- int tmp_number;
- #ifndef FIPS_MODULE
- if (namemap == NULL)
- namemap = ossl_namemap_stored(NULL);
- #endif
- if (name == NULL || *name == 0 || namemap == NULL)
- return 0;
- if (!CRYPTO_THREAD_write_lock(namemap->lock))
- return 0;
- tmp_number = namemap_add_name(namemap, number, name);
- CRYPTO_THREAD_unlock(namemap->lock);
- return tmp_number;
- }
- int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number,
- const char *names, const char separator)
- {
- char *tmp, *p, *q, *endp;
- /* Check that we have a namemap */
- if (!ossl_assert(namemap != NULL)) {
- ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
- if ((tmp = OPENSSL_strdup(names)) == NULL)
- return 0;
- if (!CRYPTO_THREAD_write_lock(namemap->lock)) {
- OPENSSL_free(tmp);
- return 0;
- }
- /*
- * Check that no name is an empty string, and that all names have at
- * most one numeric identity together.
- */
- for (p = tmp; *p != '\0'; p = q) {
- int this_number;
- size_t l;
- if ((q = strchr(p, separator)) == NULL) {
- l = strlen(p); /* offset to \0 */
- q = p + l;
- } else {
- l = q - p; /* offset to the next separator */
- *q++ = '\0';
- }
- if (*p == '\0') {
- ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_BAD_ALGORITHM_NAME);
- number = 0;
- goto end;
- }
- this_number = namemap_name2num(namemap, p);
- if (number == 0) {
- number = this_number;
- } else if (this_number != 0 && this_number != number) {
- ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_CONFLICTING_NAMES,
- "\"%s\" has an existing different identity %d (from \"%s\")",
- p, this_number, names);
- number = 0;
- goto end;
- }
- }
- endp = p;
- /* Now that we have checked, register all names */
- for (p = tmp; p < endp; p = q) {
- int this_number;
- q = p + strlen(p) + 1;
- this_number = namemap_add_name(namemap, number, p);
- if (number == 0) {
- number = this_number;
- } else if (this_number != number) {
- ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
- "Got number %d when expecting %d",
- this_number, number);
- number = 0;
- goto end;
- }
- }
- end:
- CRYPTO_THREAD_unlock(namemap->lock);
- OPENSSL_free(tmp);
- return number;
- }
- /*-
- * Pre-population
- * ==============
- */
- #ifndef FIPS_MODULE
- #include <openssl/evp.h>
- /* Creates an initial namemap with names found in the legacy method db */
- static void get_legacy_evp_names(int base_nid, int nid, const char *pem_name,
- void *arg)
- {
- int num = 0;
- ASN1_OBJECT *obj;
- if (base_nid != NID_undef) {
- num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(base_nid));
- num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(base_nid));
- }
- if (nid != NID_undef) {
- num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(nid));
- num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(nid));
- if ((obj = OBJ_nid2obj(nid)) != NULL) {
- char txtoid[OSSL_MAX_NAME_SIZE];
- if (OBJ_obj2txt(txtoid, sizeof(txtoid), obj, 1) > 0)
- num = ossl_namemap_add_name(arg, num, txtoid);
- }
- }
- if (pem_name != NULL)
- num = ossl_namemap_add_name(arg, num, pem_name);
- }
- static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg)
- {
- const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type);
- if (cipher != NULL)
- get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
- }
- static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
- {
- const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type);
- if (md != NULL)
- get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
- }
- static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
- void *arg)
- {
- int nid = 0, base_nid = 0, flags = 0;
- const char *pem_name = NULL;
- EVP_PKEY_asn1_get0_info(&nid, &base_nid, &flags, NULL, &pem_name, ameth);
- if (nid != NID_undef) {
- if ((flags & ASN1_PKEY_ALIAS) == 0) {
- switch (nid) {
- case EVP_PKEY_DHX:
- /* We know that the name "DHX" is used too */
- get_legacy_evp_names(0, nid, "DHX", arg);
- /* FALLTHRU */
- default:
- get_legacy_evp_names(0, nid, pem_name, arg);
- }
- } else {
- /*
- * Treat aliases carefully, some of them are undesirable, or
- * should not be treated as such for providers.
- */
- switch (nid) {
- case EVP_PKEY_SM2:
- /*
- * SM2 is a separate keytype with providers, not an alias for
- * EC.
- */
- get_legacy_evp_names(0, nid, pem_name, arg);
- break;
- default:
- /* Use the short name of the base nid as the common reference */
- get_legacy_evp_names(base_nid, nid, pem_name, arg);
- }
- }
- }
- }
- #endif
- /*-
- * Constructors / destructors
- * ==========================
- */
- OSSL_NAMEMAP *ossl_namemap_stored(OSSL_LIB_CTX *libctx)
- {
- #ifndef FIPS_MODULE
- int nms;
- #endif
- OSSL_NAMEMAP *namemap =
- ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_NAMEMAP_INDEX);
- if (namemap == NULL)
- return NULL;
- #ifndef FIPS_MODULE
- nms = ossl_namemap_empty(namemap);
- if (nms < 0) {
- /*
- * Could not get lock to make the count, so maybe internal objects
- * weren't added. This seems safest.
- */
- return NULL;
- }
- if (nms == 1) {
- int i, end;
- /* Before pilfering, we make sure the legacy database is populated */
- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
- | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
- OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH,
- get_legacy_cipher_names, namemap);
- OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH,
- get_legacy_md_names, namemap);
- /* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */
- for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++)
- get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap);
- }
- #endif
- return namemap;
- }
- OSSL_NAMEMAP *ossl_namemap_new(void)
- {
- OSSL_NAMEMAP *namemap;
- if ((namemap = OPENSSL_zalloc(sizeof(*namemap))) != NULL
- && (namemap->lock = CRYPTO_THREAD_lock_new()) != NULL
- && (namemap->namenum =
- lh_NAMENUM_ENTRY_new(namenum_hash, namenum_cmp)) != NULL)
- return namemap;
- ossl_namemap_free(namemap);
- return NULL;
- }
- void ossl_namemap_free(OSSL_NAMEMAP *namemap)
- {
- if (namemap == NULL || namemap->stored)
- return;
- lh_NAMENUM_ENTRY_doall(namemap->namenum, namenum_free);
- lh_NAMENUM_ENTRY_free(namemap->namenum);
- CRYPTO_THREAD_lock_free(namemap->lock);
- OPENSSL_free(namemap);
- }
|